Local Priv Escalation via Confused Deputy in GMC Mba DDR Driver
CVE-2026-0107 Published on March 10, 2026

In gmc_ddr_handle_mba_mr_req of gmc_mba_ddr.c, there is a possible escalation of privileges due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-0107 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Confused Deputy Vulnerability?

The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor.

CVE-2026-0107 has been classified to as a Confused Deputy vulnerability or weakness.


Products Associated with CVE-2026-0107

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Google Android
 

Affected Versions

Google Android Version Android kernel is affected by CVE-2026-0107